Cyber Resilience for Connected Systems

Why Cybersecurity Is Becoming a Strategic Priority for Manufacturing Leaders

The protection of Operations Technology (OT) systems is rapidly evolving from a highly specialized technical discipline into a strategic business priority for production and operations leaders. What was once viewed primarily as an IT issue is now directly impacting availability, resilience, compliance, and the long-term competitiveness of industrial companies.

This shift is driven not only by the increasing digitalization of production environments and the growing connectivity of machines and industrial systems. Regulatory pressure is also rising significantly. With the introduction of the Cyber Resilience Act (CRA) and the new Machinery Regulation, cybersecurity is becoming an integral part of product responsibility and risk management.

Three Developments Increasing the Pressure to Act

1. Increasing Connectivity Expands the Attack Surface

Production facilities, industrial control systems, and connected machines are far more interconnected today than they were just a few years ago. Remote access, IoT components, cloud integrations, and historically grown interfaces between IT and OT environments create new dependencies and potential vulnerabilities.

At the same time, cyberattacks are becoming increasingly automated and scalable — particularly through the use of artificial intelligence (AI). Vulnerabilities can now be identified and exploited much faster than before. Especially critical are situations where organizations lack transparency regarding communication paths, system dependencies, responsibilities, or historically evolved network structures.

For production and operations leaders, this raises important strategic questions:

• Where do critical dependencies exist within our production and system landscape?

• Which communication relationships are security-relevant?

• What risks arise from external access or historically evolved structures?

• Which systems are critical for availability, operational stability, and safety?

In many organizations, the greatest risk is not the lack of technology — but the lack of transparency regarding their own OT landscape.

2. Regulatory Requirements Are Becoming Mandatory

Alongside technological developments, the regulatory relevance of OT security is increasing significantly. With the Cyber Resilience Act (CRA), the EU is introducing binding cybersecurity requirements for digital products across their entire lifecycle. Manufacturers of connected systems will increasingly need to demonstrate that security considerations have already been integrated into the development process — for example through “Security by Design” and “Security by Default.”

In addition, the new Machinery Regulation (EU) 2023/1230 is gaining importance. From January 2027 onward, cybersecurity aspects will become a mandatory part of the conformity assessment process for nearly all machines and industrial systems.

As a result, cybersecurity is increasingly becoming a key factor for:

• Market access

• Delivery capability

• Customer trust

• Liability and operational risks

It is important to distinguish between regulatory requirements and normative frameworks. While the CRA and Machinery Regulation define legal obligations, standards such as IEC 62443 provide a structured methodological framework for securing industrial systems and implementing sustainable “Security by Design” capabilities.

3. OT Security Is Becoming an Organizational Cross-Functional Responsibility

Many organizations still approach OT security primarily from a technology perspective — for example by implementing isolated security tools or infrastructure measures. However, sustainable OT security is not created through individual technologies alone, but through a systematic understanding of risks, responsibilities, and critical operational processes.

Successful companies increasingly view OT security as a cross-functional management responsibility involving:

• Operations

• Engineering

• IT

• Product Development

• Compliance

• Management

Key focus areas include:

• Transparency across systems, dependencies, and communication flows

• Clear responsibilities

• Structured risk assessments

• Integration of security considerations into development, operations, and maintenance processes

• Early alignment with regulatory requirements

  
  

How Companies Can Take a Structured Approach

From our perspective, a step-by-step and methodical approach is far more effective than isolated individual measures.

A practical starting point often includes:

• Creating transparency across existing OT and communication structures

• Identifying critical dependencies and risks

• Assessing regulatory exposure

• Clarifying responsibilities

• Defining prioritized fields of action

Based on this foundation, companies can systematically further develop their security architecture, processes, and governance structures.

For production and operations leaders in particular, OT security is increasingly becoming a strategic component of resilient operational and manufacturing structures.

Conclusion

OT security is evolving from a niche technical topic into a strategic management responsibility. This development is driven not only by emerging technological risks, but also by increasing demands for resilience, compliance, and long-term competitiveness.

For CEOs, COOs, and Heads of Operations especially, it will become essential to align security, operational stability, and regulatory requirements proactively — rather than only reacting in response to security incidents or regulatory audits.